diff options
author | John Hurliman | 2010-03-19 15:17:15 -0700 |
---|---|---|
committer | John Hurliman | 2010-03-19 15:17:15 -0700 |
commit | 5e65bef80565e754e3f6c6d20e7d57d702174034 (patch) | |
tree | 7ee0765c8e2dcc3f7f2bbdf5a7f43550c289950c /OpenSim/Region/CoreModules | |
parent | Renamed TryGetAvatar to TryGetScenePresence on SceneManager, SceneBase, Scene... (diff) | |
parent | Flesh out the new permission method (diff) | |
download | opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.zip opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.tar.gz opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.tar.bz2 opensim-SC_OLD-5e65bef80565e754e3f6c6d20e7d57d702174034.tar.xz |
Merge branch 'master' of ssh://opensimulator.org/var/git/opensim
Diffstat (limited to 'OpenSim/Region/CoreModules')
-rw-r--r-- | OpenSim/Region/CoreModules/World/Land/LandObject.cs | 2 | ||||
-rw-r--r-- | OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | 162 |
2 files changed, 98 insertions, 66 deletions
diff --git a/OpenSim/Region/CoreModules/World/Land/LandObject.cs b/OpenSim/Region/CoreModules/World/Land/LandObject.cs index b2d9b66..aca5514 100644 --- a/OpenSim/Region/CoreModules/World/Land/LandObject.cs +++ b/OpenSim/Region/CoreModules/World/Land/LandObject.cs | |||
@@ -894,7 +894,7 @@ namespace OpenSim.Region.CoreModules.World.Land | |||
894 | 894 | ||
895 | foreach (List<SceneObjectGroup> ol in returns.Values) | 895 | foreach (List<SceneObjectGroup> ol in returns.Values) |
896 | { | 896 | { |
897 | if (m_scene.Permissions.CanUseObjectReturn(this, type, remote_client, ol)) | 897 | if (m_scene.Permissions.CanReturnObjects(this, remote_client.AgentId, ol)) |
898 | m_scene.returnObjects(ol.ToArray(), remote_client.AgentId); | 898 | m_scene.returnObjects(ol.ToArray(), remote_client.AgentId); |
899 | } | 899 | } |
900 | } | 900 | } |
diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 5c7f3b7..4dbdb01 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs | |||
@@ -217,7 +217,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
217 | m_scene.Permissions.OnIssueEstateCommand += CanIssueEstateCommand; //FULLY IMPLEMENTED | 217 | m_scene.Permissions.OnIssueEstateCommand += CanIssueEstateCommand; //FULLY IMPLEMENTED |
218 | m_scene.Permissions.OnMoveObject += CanMoveObject; //MAYBE FULLY IMPLEMENTED | 218 | m_scene.Permissions.OnMoveObject += CanMoveObject; //MAYBE FULLY IMPLEMENTED |
219 | m_scene.Permissions.OnObjectEntry += CanObjectEntry; | 219 | m_scene.Permissions.OnObjectEntry += CanObjectEntry; |
220 | m_scene.Permissions.OnReturnObject += CanReturnObject; //NOT YET IMPLEMENTED | 220 | m_scene.Permissions.OnReturnObjects += CanReturnObjects; //NOT YET IMPLEMENTED |
221 | m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED | 221 | m_scene.Permissions.OnRezObject += CanRezObject; //MAYBE FULLY IMPLEMENTED |
222 | m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand; | 222 | m_scene.Permissions.OnRunConsoleCommand += CanRunConsoleCommand; |
223 | m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED | 223 | m_scene.Permissions.OnRunScript += CanRunScript; //NOT YET IMPLEMENTED |
@@ -247,7 +247,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
247 | m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory; //NOT YET IMPLEMENTED | 247 | m_scene.Permissions.OnDeleteUserInventory += CanDeleteUserInventory; //NOT YET IMPLEMENTED |
248 | 248 | ||
249 | m_scene.Permissions.OnTeleport += CanTeleport; //NOT YET IMPLEMENTED | 249 | m_scene.Permissions.OnTeleport += CanTeleport; //NOT YET IMPLEMENTED |
250 | m_scene.Permissions.OnUseObjectReturn += CanUseObjectReturn; //NOT YET IMPLEMENTED | ||
251 | 250 | ||
252 | m_scene.AddCommand(this, "bypass permissions", | 251 | m_scene.AddCommand(this, "bypass permissions", |
253 | "bypass permissions <true / false>", | 252 | "bypass permissions <true / false>", |
@@ -1275,12 +1274,106 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1275 | return false; | 1274 | return false; |
1276 | } | 1275 | } |
1277 | 1276 | ||
1278 | private bool CanReturnObject(UUID objectID, UUID returnerID, Scene scene) | 1277 | private bool CanReturnObjects(ILandObject land, UUID user, List<SceneObjectGroup> objects, Scene scene) |
1279 | { | 1278 | { |
1280 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | 1279 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); |
1281 | if (m_bypassPermissions) return m_bypassPermissionsValue; | 1280 | if (m_bypassPermissions) return m_bypassPermissionsValue; |
1282 | 1281 | ||
1283 | return GenericObjectPermission(returnerID, objectID, false); | 1282 | GroupPowers powers; |
1283 | ILandObject l; | ||
1284 | |||
1285 | ScenePresence sp = scene.GetScenePresence(user); | ||
1286 | if (sp == null) | ||
1287 | return false; | ||
1288 | |||
1289 | IClientAPI client = sp.ControllingClient; | ||
1290 | |||
1291 | foreach (SceneObjectGroup g in new List<SceneObjectGroup>(objects)) | ||
1292 | { | ||
1293 | // Any user can return their own objects at any time | ||
1294 | // | ||
1295 | if (GenericObjectPermission(user, g.UUID, false)) | ||
1296 | continue; | ||
1297 | |||
1298 | // This is a short cut for efficiency. If land is non-null, | ||
1299 | // then all objects are on that parcel and we can save | ||
1300 | // ourselves the checking for each prim. Much faster. | ||
1301 | // | ||
1302 | if (land != null) | ||
1303 | { | ||
1304 | l = land; | ||
1305 | } | ||
1306 | else | ||
1307 | { | ||
1308 | Vector3 pos = g.AbsolutePosition; | ||
1309 | |||
1310 | l = scene.LandChannel.GetLandObject(pos.X, pos.Y); | ||
1311 | } | ||
1312 | |||
1313 | // If it's not over any land, then we can't do a thing | ||
1314 | if (l == null) | ||
1315 | { | ||
1316 | objects.Remove(g); | ||
1317 | continue; | ||
1318 | } | ||
1319 | |||
1320 | // If we own the land outright, then allow | ||
1321 | // | ||
1322 | if (l.LandData.OwnerID == user) | ||
1323 | continue; | ||
1324 | |||
1325 | // Group voodoo | ||
1326 | // | ||
1327 | if (land.LandData.IsGroupOwned) | ||
1328 | { | ||
1329 | powers = (GroupPowers)client.GetGroupPowers(land.LandData.GroupID); | ||
1330 | // Not a group member, or no rights at all | ||
1331 | // | ||
1332 | if (powers == (GroupPowers)0) | ||
1333 | { | ||
1334 | objects.Remove(g); | ||
1335 | continue; | ||
1336 | } | ||
1337 | |||
1338 | // Group deeded object? | ||
1339 | // | ||
1340 | if (g.OwnerID == l.LandData.GroupID && | ||
1341 | (powers & GroupPowers.ReturnGroupOwned) == (GroupPowers)0) | ||
1342 | { | ||
1343 | objects.Remove(g); | ||
1344 | continue; | ||
1345 | } | ||
1346 | |||
1347 | // Group set object? | ||
1348 | // | ||
1349 | if (g.GroupID == l.LandData.GroupID && | ||
1350 | (powers & GroupPowers.ReturnGroupSet) == (GroupPowers)0) | ||
1351 | { | ||
1352 | objects.Remove(g); | ||
1353 | continue; | ||
1354 | } | ||
1355 | |||
1356 | if ((powers & GroupPowers.ReturnNonGroup) == (GroupPowers)0) | ||
1357 | { | ||
1358 | objects.Remove(g); | ||
1359 | continue; | ||
1360 | } | ||
1361 | |||
1362 | // So we can remove all objects from this group land. | ||
1363 | // Fine. | ||
1364 | // | ||
1365 | continue; | ||
1366 | } | ||
1367 | |||
1368 | // By default, we can't remove | ||
1369 | // | ||
1370 | objects.Remove(g); | ||
1371 | } | ||
1372 | |||
1373 | if (objects.Count == 0) | ||
1374 | return false; | ||
1375 | |||
1376 | return true; | ||
1284 | } | 1377 | } |
1285 | 1378 | ||
1286 | private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene) | 1379 | private bool CanRezObject(int objectCount, UUID owner, Vector3 objectPosition, Scene scene) |
@@ -1747,67 +1840,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions | |||
1747 | return GenericObjectPermission(agentID, prim, false); | 1840 | return GenericObjectPermission(agentID, prim, false); |
1748 | } | 1841 | } |
1749 | 1842 | ||
1750 | private bool CanUseObjectReturn(ILandObject parcel, uint type, IClientAPI client, List<SceneObjectGroup> retlist, Scene scene) | ||
1751 | { | ||
1752 | DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); | ||
1753 | if (m_bypassPermissions) return m_bypassPermissionsValue; | ||
1754 | |||
1755 | long powers = 0; | ||
1756 | if (parcel.LandData.GroupID != UUID.Zero) | ||
1757 | client.GetGroupPowers(parcel.LandData.GroupID); | ||
1758 | |||
1759 | switch (type) | ||
1760 | { | ||
1761 | case (uint)ObjectReturnType.Owner: | ||
1762 | // Don't let group members return owner's objects, ever | ||
1763 | // | ||
1764 | if (parcel.LandData.IsGroupOwned) | ||
1765 | { | ||
1766 | if ((powers & (long)GroupPowers.ReturnGroupOwned) != 0) | ||
1767 | return true; | ||
1768 | } | ||
1769 | else | ||
1770 | { | ||
1771 | if (parcel.LandData.OwnerID != client.AgentId) | ||
1772 | return false; | ||
1773 | } | ||
1774 | return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupOwned); | ||
1775 | case (uint)ObjectReturnType.Group: | ||
1776 | if (parcel.LandData.OwnerID != client.AgentId) | ||
1777 | { | ||
1778 | // If permissionis granted through a group... | ||
1779 | // | ||
1780 | if ((powers & (long)GroupPowers.ReturnGroupSet) != 0) | ||
1781 | { | ||
1782 | foreach (SceneObjectGroup g in new List<SceneObjectGroup>(retlist)) | ||
1783 | { | ||
1784 | // check for and remove group owned objects unless | ||
1785 | // the user also has permissions to return those | ||
1786 | // | ||
1787 | if (g.OwnerID == g.GroupID && | ||
1788 | ((powers & (long)GroupPowers.ReturnGroupOwned) == 0)) | ||
1789 | { | ||
1790 | retlist.Remove(g); | ||
1791 | } | ||
1792 | } | ||
1793 | // And allow the operation | ||
1794 | // | ||
1795 | return true; | ||
1796 | } | ||
1797 | } | ||
1798 | return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnGroupSet); | ||
1799 | case (uint)ObjectReturnType.Other: | ||
1800 | if ((powers & (long)GroupPowers.ReturnNonGroup) != 0) | ||
1801 | return true; | ||
1802 | return GenericParcelOwnerPermission(client.AgentId, parcel, (ulong)GroupPowers.ReturnNonGroup); | ||
1803 | case (uint)ObjectReturnType.List: | ||
1804 | break; | ||
1805 | } | ||
1806 | |||
1807 | return GenericParcelOwnerPermission(client.AgentId, parcel, 0); | ||
1808 | // Is it correct to be less restrictive for lists of objects to be returned? | ||
1809 | } | ||
1810 | |||
1811 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { | 1843 | private bool CanCompileScript(UUID ownerUUID, int scriptType, Scene scene) { |
1812 | //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); | 1844 | //m_log.DebugFormat("check if {0} is allowed to compile {1}", ownerUUID, scriptType); |
1813 | switch (scriptType) { | 1845 | switch (scriptType) { |